使用 CloudWatch 监控 Guardduty 调查结果
[英]Monitoring Guardduty findings using CloudWatch
问题描述
I have been trying to find a way to use aws CloudWatch to monitor Guardduty findings.
我一直在尝试寻找一种方法来使用 aws CloudWatch 来监控 Guardduty 的调查结果。 Looks like there is no simple way to integrate the two services?看起来没有简单的方法来集成这两个服务?
So far, I have only been able to create a SNS topic and have it send me an email based on Guardduty findings.到目前为止,我只能创建一个 SNS 主题并让它根据 Guardduty 的调查结果向我发送 email。 I would like to setup a dashboard in Cloudwatch which would show me details of any finding(s) from Guardduty.我想在 Cloudwatch 中设置一个仪表板,它将向我显示来自 Guardduty 的任何发现的详细信息。
Is there a way to create an alarm in Cloudwatch for findings in Guardduty or use Cloudwatch metrics?有没有办法在 Cloudwatch 中针对 Guardduty 中的发现创建警报或使用 Cloudwatch 指标? Any guidance on how best to use Cloudwatch to monitor Guardduty (if its at all possible) would be greatly appreciated.任何关于如何最好地使用 Cloudwatch 来监控 Guardduty 的指导(如果可能的话)将不胜感激。
1 个解决方案
解决方案1
1 已采纳 2021-03-05 05:33:28
There is no direct integration between GuardDuty (GT) and CloudWatch Metrics (CWM). GuardDuty (GT) 和 CloudWatch Metrics (CWM) 之间没有直接集成。 Instead there is integration with CloudWatch Events (CWE).取而代之的是与 CloudWatch Events (CWE) 的集成。
Thus, you could use CWE to stream the events to CW Logs (CWLs).因此,您可以将 CWE 用于stream 将事件用于 CW 日志(CWL)。 For that you would setup a rule in CWE with target of a log group in CWL.为此,您将在 CWE 中设置一个规则,其目标是 CWL 中的日志组。 Then you would setup filter metrics on the log group based on what kind of GT events do you you want to measure.然后,您将根据您想要测量的 GT 事件类型在日志组上设置过滤指标。 Having the metric filters, you could then setup CW Alarms.有了指标过滤器,您就可以设置 CW 警报。
Subsequently, having the metric filters and alarms, you can create your CW Dashboards.随后,有了指标过滤器和警报,您可以创建 CW 仪表板。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.